WordPress Plugin Vulnerabilities

Funnel Builder by CartFlows < 1.3.1 - Authenticated Arbitrary Plugin Activation

Description

Issue allowing any authenticated user to active a plugin on the blog.

Affects Plugins

Plugin icon
cartflows
Fixed in 1.3.1

References

CVE
CVE-2019-25151
URL
https://blog.nintechnet.com/privilege-escalation-vulnerability-fixed-in-wordpress-cartflows-plugin/

Classification

Type
PRIVESC
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-269

Miscellaneous

Original Researcher
Jerome Bruandet
Verified
No
WPVDB ID
b6725319-909f-4d5c-9b34-8b6ea627b223

Timeline

Publicly Published
2019-11-07 (about 6 years ago)
Added
2019-11-07 (about 6 years ago)
Last Updated
2023-06-08 (about 2 years ago)

Other

Published
Title
Published
2025-01-20
Title
WordPress Easy Real Estate Plugin < 2.3.0 - Privilege Escalation
Published
2025-04-03
Title
Vehica Core < 1.0.98 - Authenticated (Subscriber+) Privilege Escalation
Published
2021-01-12
Title
Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation
Published
2020-01-28
Title
Wordable < 3.1.2 - Plugin's Authentication Bypass
Published
2026-02-10
Title
Miraculous Elementor < 2.0.8 - Authenticated (Subscriber+) Privilege Escalation